WhatsApp users targeted by homoglyph attack peddling free tickets to theme park

Do you see anything suspicious in the message displayed above in this article’s featured image?

Alton Towers is giving away 5 free tickets to 500 families

Many WhatsApp users would probably view it as innocent enough, appearing to offer free tickets to a British theme park. Indeed, some might be so convinced that the message is legitimate that they forward it on to their own friends and family via WhatsApp, hoping to increase the chances of their loved ones enjoying a free day out at Alton Towers.

But the truth is that clicking or sharing the link could put you, or your nearest and dearest, at risk of being scammed by internet fraudsters.

The message should not only be treated with caution because it seems too good to be true but also because when examined closely there’s evidence that the message isn’t all it claims to be.

The clue is in the URL, reported The Sun.

Do you see the dot above the “o” in altontowers.com? The “o” is in fact an “ȯ” – a regular “o” with a dot, or diacritic mark, placed above it.

It’s not a character that many of us are used to seeing, but it is used in some central European languages, and for that reason, it’s supported by Unicode. Unfortunately, technology’s admirable ability to handle a wide variety of languages comes at a price – fraudsters are able to abuse the feature to trick you into believing that you are reading something different from what is being shown.

This is known as a homoglyph attack in that it exploits the close similarity between two different characters. For years, scammers have been duping unsuspecting internet users into clicking on dangerous links by using the simple technique.

Most users will never notice the dot, especially (Read more...)